PWM
Last updated
Last updated
IBRACORP - https://ibracorp.io YouTube: https://youtube.com/c/IBRACORP GitHub - https://github.com/ibracorp unRAID Forum - http://bit.ly/2MwDPTV Discord - https://discord.gg/VWAG7rZ Twitter - https://twitter.com/IBRACORP_IO
Prefer a video guide? Here's the video version of this documentation:
PWM: https://github.com/pwm-project/pwm MySQL Connector (select version 5.1.49 - Platform Independent): https://downloads.mysql.com/archives/c-j/
PWM Sycotix's Repository Tools:Security
Head to the Community Applications store in Unraid
Search for and click to install 'PWM' from Sycotix's Repository
The template does not need any modifications past the port you want to reach it on, if the default of 8282 is already in use on your system.
Click done and wait for the container to pull down and start.
Ensure you have MariaDB installed and operational. We recommend using Adminer to manage your MariaDB. Click here to see how.
Open your MariaDB in Adminer (or use CLI if you prefer) and create a database called 'pwm'.
Create a user and password for the new database called 'pwm' - and grant it all privileges.
In your FreeIPA server, ensure you have a test user account. It does not require any special privileges and should be a normal user. \
**Tip: Default behaviour in FreeIPA means that when an admin user sets or resets a users password, it will automatically expire immediately. \
Sign in to FreeIPA as that user to ensure the proper password is in place. Check the expiration date of the password to be sure it's valid.**
Download the MySQL/Java connector package from the Useful Links section above.
With all the above done we are now prepared for configuration.
Left-click the PWM container and open the WebUI \
Tip: if you receive constant redirects, in the address bar, remove everything past the port so it looks like this: http://SERVERIP:8282 (where SERVERIP is your server which PWM is running on)
Once you see the WebUI, click Next to begin the Configuration
Select the 'Manual Configuration' option
Set a Configuration Password. This will be required any time you wish to edit the config of PWM.
Now, you can configure all the below settings. \
WARNING: YOU MUST CHANGE VALUES WHICH ARE SPECIFIC TO YOUR ENVIRONMENT. i.e. Base Domain, IP addresses and Ports.
With all the above configured, you have the minimum required to connect to your FreeIPA LDAP and use it for authentication.
Select Save in the very top-right of the Configuration Editor.
Once it sends you back to the login screen, select Configuration Manager.
Check that everything looks okay, it should look like this:
If it all looks clear, head to your home page and try to sign in with your FreeIPA admin account. This will allow you to check that authentication is working.
Once you sign in using an authenticated account successfully, you must now take PWM out of Configuration Mode.
Head to the Configuration Manager and select Restrict Configuration.
Profit.
Now that you have the basics set up, you can successfully use PWM to authenticate users and process user management. However, some addition config is recommended at your own discretion in the Configuration Editor. 1. Set up your SMTP setting to allow emails to work 2. Set up your reverse proxy and DNS entries to allow the https://portal.domain.com address to work externally 3. Set up your password policies 4. There's plenty more PWM can do (over 400 settings). So take your time and enjoy the process.
You may also need to try the following settings to resolve common problems: